From Both Sides of the Pond, Personal Information Can be Tracked and Sold

Through the use of online and offline data, data companies make lists of your personal information to sell to marketers.

What you watch or read. What you’ve bought, and how you bought it. What you might buy next. How to contact you. Who you talk to. Where you approximately are right now.

Sites that use cookies know all of this information about you. Then all of that information can be used by marketers and the businesses who own those sites to find and market to you.

Cookies, according to the Information Commissioner’s Office (ICO), “allow the website to recognize that user’s device and store some information about the user’s preferences or past actions.”

In the United Kingdom, websites, by law, must clearly explain their use of cookies and get the user’s explicit consent. In a previous article in London Stories, U.K. cookies were defined more thoroughly, which you can find here.

There are two types of cookies: essential and third-party cookies. Essential cookies help the website function, and third-party cookies collect extra information for the purposes of the website knowing who its audience is, and then data brokers can take that information and sell it to marketers who then advertise to you.

Anastasia Herberger, an 18-year-old engineering dynamics student from Texas, found advertisements so intrusive that she blocked all cookies through a setting on her Apple products.

Anastasia Herberger works on her assignments via her Apple iPad and iPhone. (Photo: Marcy Wilder)

“I don’t know for sure but I do suspect they take more than they say they do so I try and be as private as possible,” said Herberger.

Luckily for her, non-U.K. residents have a bit more protection in the U.K.

Simon Lamb, account director at DBS Data, a direct marketing company, said DBS takes care in verifying that their data lists only contain U.K. residents. They also take care to make sure the companies they work with abide by General Data Protection Regulation (GDPR) guidelines, which have the rules for the protection of personal data.

“Every piece of direct mail and email, we request clients place company name and registration and how to unsubscribe,” said Lamb in a phone interview. “Especially through this period of post-COVID, using platforms we provide, we can update people who’ve passed away, moved addressed, who’ve requested to be removed, [etc.]”

Cookies aren’t the main source of information for DBS, they use mainly offline data, from surveys, business information, the government, and transactions in the U.K.

“The whole thing is kinda scary,” said Luke Wade, a 24-year-old U.K. native who works the front desk at The Stay Club Kentish Town. “I know it’s…impossible to stop kind of because they go through multiple different sources and you’d have to be really meticulous for them to [know they can’t use your data]. I think the law needs to kinda change in that respect.”

DBS’s post-campaign analysis program for mail, TV, and press are similar to a service Google provides called Google Analytics. DBS and other data marketing companies focus on businesses, but Google Analytics work on websites specifically.

As outlined in their Privacy and Terms Policy and Privacy Policy, Google and Google Analytics use cookies to track everything from preferred language, to search history, to your precise location and IP address. A longer list will be included at the end of the article.

All of this information can then be compiled to make a user ID that can then be put into lists by data brokers to sell.

Smith’s Clarity Solutions, who did not return a request for comment, advertises on their homepage what type of records they have and how many. They have 22,977 records on restaurants in the U.K., 4,327 records on printing companies with more than two employees, 10,375 records on HR Decision Makers with more than 50 employees, and 4,577 records on Estate Agencies that include emails.

The scroll on Smith’s Clarity Solutions displays the most recent records they’ve identified.

In 2018, Privacy International (PI) ordered Experian, a credit broker, “to make fundamental changes to how it handles people’s personal data within its offline direct marketing services” as an investigation made by PI found “widespread and systemic data protection failings across the sector.” The data that was obtained by Experian was being used by political parties, law enforcement, and more for “increasingly intrusive surveillance activities” and “a higher degree of effectiveness and accuracy” for political ads. Experian could not be contacted for comment.

Wade finds this ruling against Experian scary. “They hold a lot of information about you,” said Wade.

However, there is a way to protect your personal information from data brokers. DBS has options to unsubscribe from all digital and physical marketing communications. Acxiom, a data company that works in both the U.S. and the U.K., at the bottom of the U.S. site has an opt-out form that can be found by pressing the message “DO NOT SELL MY PERSONAL INFORMATION.” This message cannot be found at the bottom of the U.K. site. The U.S. and the U.K. Acxiom domains display two different cookie pop-ups, but Acxiom did not return the request to comment by publication time.

The cookies message for the Acxiom U.S. domain.

The cookies message for the Acxiom U.K. domain.

The bottom of Acxiom U.S. domain (left) and U.K. domain (right)

There is also OptOut UK, a service that will remove a U.K. resident’s information from data brokers and telemarketers, and will delete it monthly. OptOut UK could not be contacted for comment. There is no service like this that could be found in the U.S., but every data broker page should have an opt-out option.

Thankfully with the rise of data brokers, there is also an increase in ways to protect yourself.

Isabel, a 20-year-old biology student from Virginia, who declined to give her last name due to privacy, is starting to look at more ways to protect herself online.

“My personal information is everything,” said Isabel. “That’s my whole life.”

Full and complete as possible list of the items tracked by Google’s Cookies:

1. Preferred language
2. Amount of results preferred on a search page
3. SafeSearch preference
4. Personalization of auto-complete
5. Personalization of recommendations
6. Preventing sites from acting on the users behalf
7. Recording and encryption of a user’s Google ID
8. Distinguish between users
9. Personalization of advertisements
10. Record precise location
11. Type of operating system
12. Device settings
13. IP Address
14. Crash reports
15. Date and time
16. Interactions between apps and websites
17. Search and watch history
18. Ad interaction
19. User communications with other users
20. Purchase activity
21. Session duration